Coding
-
[Web Hacking] Portswigger - CSRF where token validation depends on request methodCoding/Hacking & Security 2023. 3. 7. 09:50
기초적인? CSRF 공격을 해보자. 문제 분석 로그인 후 /my-account 페이지에서 email을 변경할 수 있다. 이 부분에 CSRF 공격을 시도할 수 있을것 같다. Victim에게 CSRF 공격이 포함된 페이지를 전달했을 때 자동으로 그의 email이 변경되도록 해보자. 단, victim이 해당 사이트에 로그인해놓은 상태라는 것을 가정해야 하긴 한다. 목표 Victim이 해당 사이트에 로그인해놓은 상태로 접속하면 자동으로 email이 변경되도록 CSRF를 구성해보자. 그런데 생각해야 할 점이 하나 있다. 사이트의 소스코드를 보면, 변경된 email 값과 함께 CSRF token이 같이 전달되는 모습을 볼 수 있다. 서버에서는 email 변경 요청이 오면 CSRF token을 확인하여 해당 사용자의..
-
[Web Hacking] Portswigger - Reflected XSS into HTML context with most tags and attributes blockedCoding/Hacking & Security 2023. 3. 2. 15:17
https://portswigger.net/web-security/cross-site-scripting/contexts/lab-html-context-with-most-tags-and-attributes-blocked Lab: Reflected XSS into HTML context with most tags and attributes blocked | Web Security Academy This lab contains a reflected XSS vulnerability in the search functionality but uses a web application firewall WAF to protect against common XSS vectors. ... portswigger.net X..
-
[Web Hacking] Portswigger - SQL injection UNION attack, retrieving multiple values in a single columnCoding/Hacking & Security 2023. 2. 9. 16:20
문제 링크 : https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-multiple-values-in-single-column Lab: SQL injection UNION attack, retrieving multiple values in a single column | Web Security Academy This lab contains an SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response so ... portswigger.net UNI..
-
[Web Hacking] Portswigger - SQL injection UNION attack, retrieving data from other tablesCoding/Hacking & Security 2023. 1. 23. 16:16
문제 링크 : https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-data-from-other-tables Lab: SQL injection UNION attack, retrieving data from other tables | Web Security Academy This lab contains an SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response, so ... portswigger.net UNION attack을 통해 admin 계..
-
[Web Hacking] Portswigger - DOM XSS in jQuery anchor href attribute sink using location.search sourceCoding/Hacking & Security 2023. 1. 20. 14:33
문제 링크 : https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-jquery-href-attribute-sink Lab: DOM XSS in jQuery anchor href attribute sink using location.search source | Web Security Academy This lab contains a DOM-based cross-site scripting vulnerability in the submit feedback page. It uses the jQuery library's $ selector function to find an ... portswigger.net SQL injection 문..
-
[Web Hacking] Portswigger - Blind SQL injection with time delays and information retrievalCoding/Hacking & Security 2023. 1. 5. 00:56
문제 링크 : https://portswigger.net/web-security/sql-injection/blind/lab-time-delays-info-retrieval Lab: Blind SQL injection with time delays and information retrieval | Web Security Academy This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs an SQL query containing the value ... portswigger.net Blind SQL injection을 해보자. 문제 분석 기본적..
-
[Web Hacking] Portswigger - SQL injection vulnerability allowing login bypassCoding/Hacking & Security 2023. 1. 2. 14:20
문제 링크 : https://portswigger.net/web-security/sql-injection/lab-login-bypass Lab: SQL injection vulnerability allowing login bypass | Web Security Academy This lab contains an SQL injection vulnerability in the login function. To solve the lab, perform an SQL injection attack that logs in to the application as ... portswigger.net 문제 분석 Login 함수에 SQL injection이 가능하다고 한다. 하지만 SQL query나 다른 코드 등은 공개..
-
[Web Hacking] Portswigger - SQL injection vulnerability in WHERE clause allowing retrieval of hidden dataCoding/Hacking & Security 2023. 1. 1. 20:21
문제 링크 : https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data | Web Security Academy This lab contains an SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out an SQL query ... portswigger.net * 참고로 Portswigger lab들의 문제는 풀이가 ..